Standards for NHS Providers 2018-19 - Fraud, bribery and corruption February 2018 Version 1.0 - NHS Counter Fraud Authority
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
OFFICIAL Standards for NHS Providers 2018-19 Fraud, bribery and corruption February 2018 Version 1.0 NHS fraud. Spot it. Report it. Together we stop it.
OFFICIAL
Version control
Version Name Date Comment
1.0 First edition Feb 2018 NA
Standards for NHS bodies 2018-19 -1 Introduction................................................................................................................ 5
2 The NHS Standard Contract ..................................................................................... 6
3 Overview of the standards ........................................................................................ 7
Introduction ........................................................................................................................................... 7
Counter fraud standards ....................................................................................................................... 7
4 The quality assurance programme........................................................................... 8
Overview ............................................................................................................................................... 8
Counter fraud, bribery and corruption quality assurance programme .................................................. 9
Annual report ........................................................................................................................................ 9
Self review tool .................................................................................................................................... 10
Assessments ...................................................................................................................................... 10
Full assessment .................................................................................................................................... 11
Focused assessment ............................................................................................................................ 11
Thematic assessment ........................................................................................................................... 12
Assessment process............................................................................................................................. 13
Performance ratings ........................................................................................................................... 14
Identifying and mitigating risks ............................................................................................................ 16
Risk....................................................................................................................................................... 16
Objective............................................................................................................................................... 16
Task ...................................................................................................................................................... 16
Outputs ................................................................................................................................................. 16
Outcomes ............................................................................................................................................. 16
Weightings .......................................................................................................................................... 17
Reasonable expectations ................................................................................................................... 17
Feedback ............................................................................................................................................ 17
5 Standards ................................................................................................................. 18
Key Principle 1: Strategic Governance ............................................................................................... 18
Standard 1.1 ......................................................................................................................................... 18
Standard 1.2 ......................................................................................................................................... 20
Standard 1.3 ......................................................................................................................................... 22
Standard 1.4 ......................................................................................................................................... 24
Standard 1.5 ......................................................................................................................................... 26
Standard 1.6 ......................................................................................................................................... 28
Standard 1.7 ......................................................................................................................................... 30
Key Principle 2: Inform and Involve .................................................................................................... 32
Standard 2.1 ......................................................................................................................................... 32
Standard 2.2 ......................................................................................................................................... 35
Standard 2.3 ......................................................................................................................................... 37
Standard 2.4 ......................................................................................................................................... 39
Key Principle 3: Prevent and Deter ..................................................................................................... 42
Standard 3.1 ......................................................................................................................................... 42
Standard 3.2 ......................................................................................................................................... 44
Standard 3.3 ......................................................................................................................................... 46
Standard 3.4 ......................................................................................................................................... 48
Standard 3.5 ......................................................................................................................................... 50Standard 3.6 ......................................................................................................................................... 53
Key Principle 4: Hold to Account ........................................................................................................ 55
Standard 4.1 ......................................................................................................................................... 55
Standard 4.2 ......................................................................................................................................... 57
Standard 4.3 ......................................................................................................................................... 59
Standard 4.4 ......................................................................................................................................... 61
Standard 4.5 ......................................................................................................................................... 63
Standard 4.6 ......................................................................................................................................... 65
6 Appendices .............................................................................................................. 67
Appendix 1 - QA programme - Reasonable expectations of the parties ............................................ 67
Appendix 2 – The counter fraud assurance programme .................................................................... 68
Appendix 3 – Summary of changes for 2018-19 ................................................................................ 69OFFICIAL
1 Introduction
1.1 This document aims to provide information to providers of NHS services on the
counter fraud clauses in the NHS Standard Contract 2017/2019 1, and explain
what providers need to do to comply with them.
1.2 The NHS Counter Fraud Authority (NHSCFA) is a new Special Health Authority,
established on 1 November 2017 and charged with identifying, investigating and
preventing fraud within the NHS and the wider health group. The legislation
which created the NHSCFA transferred all functions and powers from NHS
Protect to the NHSCFA. The NHSCFA is independent from other NHS bodies
and is directly accountable to the Department of Health and Social Care.
1.3 For more information please visit the NHSCFA website at https://cfa.nhs.uk.
1.4 The term ‘fraud’ above in 1.2 refers to a range of economic crimes, such as
fraud, bribery and corruption or any other illegal acts committed by an individual
or group of individuals to obtain a financial or professional gain.
1.5 The NHSCFA has five high-level organisational aims. These are:
Deliver the Department of Health and Social Care strategy, vision and
strategic plan and lead counter fraud activity in the NHS in England.
Be the single expert intelligence led organisation providing a centralised
investigation capacity for complex economic crime matters in the NHS.
Lead and influence the improvement of standards in counter fraud work
across the NHS.
Take the lead in and encourage fraud reporting across the NHS and
wider health group.
Continue to develop the expertise of staff working for the NHSCFA.
1.6 The NHS Standard Contract includes mandatory clauses that require providers
of NHS services to put in place and maintain appropriate counter fraud
arrangements in Chapter 2.
1.7 An overview of the standards is provided in Chapter 3.
1.8 Chapter 4 provides an overview of the quality assurance programme.
1.9 Finally, Chapter 5 provides a detailed explanation for each of the standards,
giving an indication of what the organisation needs to do to comply with the
standard.
1
NHS Standard Contract updated January 2018.
Standards for NHS Providers 2018-19 - Introduction - Page 5 of 69OFFICIAL
2 The NHS Standard Contract
2.1 The NHS Standard Contract published by NHS England, should be used by
Clinical Commissioning Groups (CCGs) and NHS England when commissioning
NHS funded services including acute, ambulance, care home, community-
based, high secure and mental health and learning disability services. CCGs
must also use the NHS Standard Contract for all community-based services
provided by GPs, pharmacies and optometrists that have been previously
commissioned as Local Enhanced Services.
2.2 The counter fraud clauses are set out in Service Condition 24 and place the
follow obligations on providers of NHS services:
Service Condition 24.1 requires all providers to put in place and maintain
appropriate counter fraud arrangements, having regard to the NHSCFA’s
standards.
Service Condition 24.2 requires those relevant providers which are
licensed 2 by Monitor 3 , and NHS Trusts, to take the necessary action to
meet the standards set by the NHSCFA.
Service Condition 24.3 requires the provider to allow, if requested by the
co-ordinating commissioner or the NHSCFA, a person duly authorised to
act on behalf of the NHSCFA or on behalf of any commissioner to
review, in line with the appropriate standards, and counter fraud
arrangements put in place by the provider.
Service Condition 24.4 requires the provider to implement any
modifications to its counter fraud arrangements required by a person
referred to in Service Condition 24.3 within such timescales as that
person may reasonably require.
Service Condition 24.5 requires the provider to report any suspected
fraud or corruption involving a service user or NHS funds to the LCFS of
the relevant NHS body and the NHSCFA.
Service Condition 24.6 requires the provider, on the request of the
Department of Health and Social Care, NHS England, the NHSCFA or
the co-ordinating commissioner, to ensure that the NHSCFA or any
LCFS appointed by a commissioner is given access within five
operational days to property, premises, information and staff for the
purpose of detecting and investigating cases of fraud and corruption
incidents and breaches.
2.3 The standards referenced in Service Condition 24.2 are explained in Chapter 5.
2
A licence granted by NHS Improvement under section 87 of the Health and Social Care Act 2012.
3
NHS Improvement has brought together two distinct legal entities: Monitor, a non-departmental public
body and the NHS Trust Development Authority, a special health authority, under a single leadership
and operating model. Both organisations continue to maintain their current legal underpinnings as two
separate bodies. Monitor is a corporate body provided by section 61 of the Health and Social Care Act
2012.
Standards for NHS Providers 2018-19 - The NHS Standard Contract - Page 6 of 69OFFICIAL
3 Overview of the standards
Introduction
3.1 The NHSCFA is committed to ensuring NHS resources are appropriately
protected from fraud, bribery and corruption and has developed a series of
counter fraud standards for providers of NHS services.
3.2 Providers should ensure that NHS funds and resources are safeguarded
against those minded to commit fraud, bribery or corruption. Failure to do so
impacts on a provider’s ability to deliver services and treatment, as NHS funds
and resources are wrongfully diverted from patient care.
Counter fraud standards
3.3 The standards in this document have been developed to support NHS providers
in implementing appropriate measures to counter fraud, bribery and corruption.
Having appropriate measures in place helps to protect NHS resources against
fraud, bribery and corruption and ensures they are used for their intended
purpose, the delivery of patient care. It is the responsibility of the organisation
as a whole to ensure it meets the required standards. However, one or more
departments or individuals may be responsible for implementing a specific
standard. The key departments or individuals likely to be involved in helping the
organisation meet the fraud, bribery and corruption standards are finance,
internal and external audit, risk, communications and human resources.
3.4 The fraud, bribery and corruption standards are set out in detail in Chapter 5 of
this document and there are four key sections that follow the NHSCFA’s
strategy:
3.5 Key Principle 1: Strategic Governance. This section sets out the standards in
relation to the organisation’s strategic governance arrangements. The aim is to
ensure that counter fraud measures are embedded at all levels across the
organisation. (Chapter 5, Standards 1.1 – 1.7)
3.6 Key Principle 2: Inform and Involve. This section sets out the requirements in
relation to raising awareness of crime risks against the NHS and working with
NHS staff, stakeholders and the public to highlight the risks and consequences
of fraud and bribery affecting the NHS. (Chapter 5, Standards 2.1 – 2.4)
3.7 Key Principle 3: Prevent and Deter. This section sets out the requirements in
relation to discouraging individuals who may be tempted to commit fraud
against the NHS and ensuring that opportunities for fraud to occur are
minimised. (Chapter 5, Standards 3.1 – 3.6)
3.8 Key Principle 4: Hold to Account. This section sets out the requirements in
relation to detecting and investigating economic crime, obtaining sanctions and
seeking redress. (Chapter 5, Standards 4.1 – 4.6)
Standards for NHS Providers 2018-19 - Overview of the standards - Page 7 of 69OFFICIAL
4 The quality assurance programme
Overview
4.1 The NHSCFA mission is to lead the fight against fraud affecting the NHS and
wider health service, and protect vital resources intended for patient care. Its
vision is for an NHS which can protect its valuable resources from fraud. Its
purpose is to lead the NHS in protecting its resources by using intelligence to
understand the nature of fraud risks, investigate serious and complex fraud,
reduce its impact and drive improvements.
4.2 The NHS counter fraud quality assurance programme will drive these
improvements by ensuring that quality requirements are fulfilled. This will be
done through systematic measurement, comparison with standards, monitoring
of processes and a continuous loop of feedback.
4.3 Using the counter fraud, bribery and corruption standards set out in this
document, the NHSCFA will support organisations through regular
benchmarking, compliance testing, evaluation of effectiveness and value for
money indicators. The quality assurance programme also enables the analysis
of trends and patterns in performance in relation to each standard for each
organisation type. This will assist in providing comprehensive and focused
support to organisations.
4.4 Additionally, the NHSCFA will provide robust assurance to stakeholders,
including participating organisations, NHS England and the Department of
Health and Social Care (DHSC). Using our strong links with regulators such as
the Care Quality Commission (CQC) and NHS Improvement, we will share
information about the standards of counter fraud work to eliminate duplication of
effort for providers.
4.5 Quality assurance of counter fraud work has been shown to drive up standards
and the NHSCFA has developed a flexible, responsive and transparent process
which will be provided through monitored action plans. This will ensure that the
counter fraud work carried out mitigates both national and local identified risks.
4.6 This section provides guidance on the quality assurance programme and should
be used in conjunction with other relevant instructions and guidance that have
been issued to support counter fraud work.
4.7 These documents include:
The NHS Standard Contract
NHSCFA standards for providers - fraud, bribery and corruption (as
outlined in chapters 3 and 5)
NHS Counter Fraud Manual 4
CIPFA Code of Practice on Managing the Risk of Fraud and Corruption.
4
Access to secure NHSCFA Extranet is required via N3 to access this resource.
Standards for NHS Providers 2018-19 - The quality assurance programme - Page 8 of 69OFFICIAL
4.8 This list is not exhaustive and additional guidance can always be sought from
the NHSCFA if required.
Counter fraud, bribery and corruption quality assurance
programme
4.9 The NHSCFA quality assurance programme comprises of two main processes:
assurance and assessment. Both are closely linked to the counter fraud, bribery
and corruption standards set out in this document.
4.10 The quality assurance process includes an annual self review against the
standards, which is conducted by organisations and submitted to the NHSCFA.
The assessment process is conducted by the NHSCFA’s Quality and
Compliance team in partnership with the organisation.
Annual report
4.11 The NHSCFA requires organisations to provide an annual statement of
assurance against the counter fraud standards. This statement of assurance is
provided through completion of the annual report and the Self Review Tool
(SRT).
4.12 Standard 1.5 requires organisations to produce an annual report. To assist
organisations with this, a template has been produced, which is available at
NHSCFA Extranet 5. The template is not intended to stipulate either the format
that should be used or specific text describing counter fraud, bribery and
corruption activities. However, the following items must be included in the
annual report:
the completed self review tool
a signed declaration using the wording as indicated in the annual report
template
the days used to deliver counter fraud, bribery and corruption work
the cost of counter fraud, bribery and corruption work carried out during
the year.
4.13 There is no requirement to send the annual report to the NHSCFA’s Quality and
Compliance team, unless the organisation is selected for assessment and the
annual report is requested as part of the evidence submitted.
4.14 Although the annual report may usually be completed by the nominated counter
fraud, bribery and corruption specialist, it is crucial that sign-off is provided by
an executive representative of the organisation to provide stakeholders with the
correct level of assurance. The member of the executive board responsible for
overseeing counter fraud, bribery and corruption work should sign off the annual
report by completing and signing it as indicated on the guidance template. This
will provide participating organisations, NHS England and DHSC with
assurance that the organisation complies with counter fraud, bribery and
corruption standards in line with its contractual obligations.
5
Access to secure NHSCFA Extranet is required via N3 to access this resource.
Standards for NHS Providers 2018-19 - The quality assurance programme - Page 9 of 69OFFICIAL
4.15 The Quality and Compliance team will select the organisations to be assessed
along with the type of assessment that will be undertaken. While we cannot
carry out assessments of all organisations every year, we will endeavour to
cover organisations regularly. Under-representation in any of the groups relating
to sector or type will need to be addressed to ensure that the fullest picture of
the delivery of counter fraud, bribery and corruption work is obtained. Although
we seek to provide organisations with some certainty about whether or not they
will be assessed, sometimes new information is received which results in a
triggered assessment. However, we will give ample notice of any assessment
we undertake.
Self review tool
4.16 The self review tool (SRT) enables the organisation to produce a summary of
the counter fraud, bribery and corruption work conducted over the previous
twelve months. Organisations are required to complete the SRT annually and
return it to the NHSCFA by a specified deadline. The SRT also covers the key
areas of activity outlined in the standards.
4.17 Upon completion, the SRT provides a red, amber or green (RAG) rating for
each of the key areas and an overall RAG rating. Further details of the red,
amber and green ratings are outlined in Performance Ratings (paragraph 4.41)
onwards.
4.18 Organisations should use the SRT in conjunction with their work planning. They
can use it to review the progress made against the work plan developed at the
beginning of the year. The SRT can also assist them in identifying risk areas
and formulating objectives and tasks as they develop the work plan for the
following financial year. Organisations can also use the SRT to monitor their
compliance with the requirements of the standards throughout the year.
Assessments
4.19 The assessment process is a means of evaluating an organisation’s
effectiveness in dealing with the fraud, bribery and corruption risks it faces. The
process covers all activity carried out in the two years before the date of the
assessment. The process is designed to be flexible, transparent and responsive
to locally and nationally identified fraud, bribery and corruption risks. Where
required, the NHSCFA shall provide organisations with recommendations to
support them in mitigating their risks.
4.20 If an organisation, in the judgement of the Quality and Compliance team,
requires an assessment, one of four types of assessment will be conducted:
Full
Focused
Thematic
Triggered.
Standards for NHS Providers 2018-19 - The quality assurance programme - Page 10 of 69OFFICIAL
Full assessment
4.21 A full assessment would normally be used when an organisation’s counter fraud
arrangements are identified as at significant risk. Such an organisation may
demonstrate some or all of the following areas of concern (the list is not
exhaustive):
The RED, AMBER or GREEN rating provided in the SRT is not
supported by the annual report or any comments made in the SRT.
Counter fraud, bribery and corruption provision is lacking or inadequate.
There are recommendations from previous assessments that have not
been addressed.
There is no evidence of a risk-based approach to counter fraud, bribery
and corruption work.
The organisation is new or has started to provide significant additional
services, and no previous history of effective counter fraud, bribery or
corruption work exists.
There are significant gaps in NHSCFA required activity across key areas
of activity or NHSCFA priority areas.
Significant concerns are raised by another part of the NHSCFA.
The member of the executive board responsible for overseeing counter
fraud, bribery and corruption work raises concerns regarding the quality
of the local counter fraud, bribery and corruption service received.
A regulator such as NHS Improvement or CQC raises concerns
regarding the quality of the service received.
4.22 A full assessment is conducted on all the NHSCFA key areas of activity as
outlined in the standards.
Focused assessment
4.23 A focused assessment is undertaken in cases where an organisation either
demonstrates a risk in a specific area of counter fraud, bribery or corruption
activity or has demonstrated effective practice in one or more areas. A focused
assessment is conducted on one or at most two of the key areas of activity, for
example Strategic Governance or Inform and Involve.
4.24 A focused assessment might be conducted with organisations demonstrating
some or all of the following characteristics:
The RED, AMBER or GREEN rating provided in the SRT is not
supported by the annual report or any comments made in the relevant
section of the SRT.
There is a lack of evidence of measurable outcomes from the work
conducted to mitigate risk.
Significant concerns are raised by another part of the NHSCFA.
There are gaps in one or two of the key areas of activity, for example
Hold to Account.
Standards for NHS Providers 2018-19 - The quality assurance programme - Page 11 of 69OFFICIAL
Thematic assessment
4.25 A thematic assessment applies to a number of organisations and may be
conducted regionally or across organisations of a similar type.
4.26 Driven primarily by NHSCFA and DHSC priority areas, thematic assessments
focus on compliance and the identification of effective practice, or on areas of
concern identified by the Quality and Compliance team. New NHSCFA
guidance, after a reasonable period given for it to be embedded in
organisations, may be followed up by a thematic assessment.
4.27 Thematic assessments are likely to focus on a fairly specific part of the
standards, possibly only one standard rather than the whole of a key area.
Triggered assessments
4.28 Some organisations will not be selected for a full, focused or thematic
assessment when the annual assurance is received. However, at any stage
during the year organisations may be selected for a triggered assessment.
Triggered assessments are driven by emerging risks, normally of a serious
nature, which may have come to the attention of the Quality and Compliance
team through Senior Quality and Compliance Inspector (SQCI) liaison with
other parts of the NHSCFA. Reasons for a triggered assessment may include,
but are not limited to, the following:
a significant and adverse change in counter fraud, bribery and corruption
specialist provision
a significant ongoing failure to manage organisational counter fraud,
bribery and corruption risks
an ongoing lack of engagement with the NHSCFA’s counter fraud
strategy
a lack of positive and proactive engagement with NHSCFA staff over a
significant period, with a failure to improve after this has been highlighted
an ongoing failure to action recommendations from NHSCFA
assessments, in spite of support and assistance offered.
4.29 If the organisation is selected for a triggered assessment, this can be a focused
or full assessment.
4.30 Following a full or focused assessment, whether triggered or not, the
organisation is provided with a written report which provides advice and
guidance on driving up the quality and value for money of its counter fraud,
bribery and corruption work. The intended outcome is improved standards,
measured by future self reviews and annual reports and assessments.
4.31 Other quality assurance and compliance activities, in addition to assessments,
may also take place to support and develop counter fraud, bribery and
corruption work within the organisation. These could include one-to-one
meetings with key personnel, and meetings with audit committees.
4.32 The purpose of the counter fraud, bribery and corruption quality assurance
programme is to be constructive and supportive. The assurance and
assessment processes do not focus solely on non-compliance with the
Standards for NHS Providers 2018-19 - The quality assurance programme - Page 12 of 69OFFICIAL
standards: they also highlight compliance and outcomes achieved. Where
standards are not being met, the NHSCFA will provide advice, support and
assistance to organisations in order to help them improve performance.
Assessment process
4.33 If an organisation is selected for assessment, at least four weeks’ notice will be
given of any site visit. The SQCI conducting the assessment will notify the
organisation of the dates for the assessment and will indicate the type of
assessment and the areas that will be reviewed. The organisation will be asked
to name a specific contact to make the arrangements for the site visit.
4.34 At this stage it is likely that the SQCI will request information from the
organisation in relation to the areas that will be reviewed. This information
enables the SQCI to formulate relevant questions before the assessment
meeting and it helps in the review of evidence collected during the site visit. It is
essential that any information requested is received by the SQCI within the
deadline given. Failure to provide this information or the provision of late
information is likely to extend the site visit and may have an impact on
organisational compliance with Standard 1.2.
4.35 During the site visit, the SQCI will wish to speak to the nominated counter fraud,
bribery and corruption specialist about the counter fraud, bribery and corruption
work carried out at the organisation. Depending on the area of enquiry and the
type of assessment conducted, the SQCI may also wish to speak to the
member of the executive board responsible for overseeing counter fraud,
bribery and corruption work and other key staff. The organisation will be
informed of this and given timely notice to make arrangements for these
interviews to take place.
4.36 Following the interviews and any additional request for materials, the SQCI will
produce a series of recommendations for the organisation to action. The ratings
and recommendations will be discussed at a closing meeting, which ideally will
be on the same day as the assessment visit or very shortly afterwards. It is
expected that the ratings and recommendations can be agreed at this stage.
4.37 A finalised report will follow the site visit within four weeks. The report will
outline the findings of the site visit in full and will include the ratings and
recommendations discussed at the closing meeting. Within another four weeks
the organisation will be expected to complete an action plan for the
recommendations and return it to the SQCI.
4.38 Following this, the organisation will be expected to comply with the NHSCFA’s
review process. This will involve sending progress reports and audit committee
minutes to the NHSCFA to demonstrate progress against the recommendations
made in the final report. The organisation will be advised of requirements in
relation to the review process at the closing meeting and in writing.
4.39 Some organisations may have a review assessment site visit between nine and
twelve months following the original assessment process. Review assessment
site visits will take place when, in the opinion of the SQCI, one is necessary
based on information received. The review assessment site visit should only
focus on progress against the recommendations made at the previous
assessment, unless there are significant matters that have arisen in the
meantime.
Standards for NHS Providers 2018-19 - The quality assurance programme - Page 13 of 69OFFICIAL
4.40 As indicated above, discussion and liaison are an essential part of the
assessment process. Organisations and staff members have a number of
opportunities to discuss the assessment process and the recommendations,
including during the assessment itself, at the closing meeting and as part of
ongoing liaison. For this reason, there is no formal appeal procedure. However,
if the organisation is dissatisfied with any aspect of the quality assurance
programme, the matter may be raised in the first instance with the National
Quality Lead.
Performance ratings
4.41 As a result of both assurance and assessment processes, organisations will be
rated as being at red, amber or green depending on how well they have
performed against NHSCFA requirements. The benefits of this for organisations
include:
A clear snapshot of organisational progress against each of the
standards.
An overall rating, which will assist with benchmarking against other
organisations in similar groups or sectors.
The ability to monitor and measure ongoing improvement.
A means of assurance for DHSC and NHS England.
4.42 The definitions for each performance rating are listed below.
NON-COMPLIANCE with the standard: RED.
A risk has been identified but no action has been taken to mitigate it, or the
action taken is insufficient in scope.
PARTIAL COMPLIANCE with the standard but little or no impact of
work undertaken: AMBER.
A risk has been identified and action has been taken to mitigate the risk. There
is evidence of compliance through outputs. However, the effectiveness of work
undertaken has not yet been evaluated or there is no reduction of the risk.
There is therefore little or no evidence of outcomes.
Standards for NHS Providers 2018-19 - The quality assurance programme - Page 14 of 69OFFICIAL
FULL COMPLIANCE demonstrating impact of the work: GREEN.
A risk has been identified, work has been carried out and the effectiveness of
this work has been measured. The risk has been mitigated or significant
progress has been made in mitigating the risk. Outcomes are therefore
present.
4.43 Organisations which fulfil the requirements of a standard and can provide
evidence of this through evaluation can determine performance to be GREEN
for that standard. Organisations which can provide evidence of activity carried
out, but cannot yet demonstrate that the activity has been assessed for
effectiveness will determine performance to be AMBER for that standard.
4.44 Organisations which have carried out no activity or do not have evidence of
sufficient activity will need to determine performance at the RED rating. The
rating reached for each standard contributes to an overall rating for the relevant
key area of activity as well as an organisational rating for achievement against
all of the standards.
4.45 Standards 4.4 and 4.5 relate to the taking of witness statements and the
conduct of interviews under caution (IUCs). The NHSCFA acknowledges that,
during the two-year time period for assessment, investigations conducted may
not have progressed to the point where such actions are appropriate. In these
circumstances, a neutral performance rating can be assigned for these two
standards to indicate where the organisation has been unable to comply with
their requirements.
Organisation has had no opportunity to meet the standard
The organisation has not had the opportunity to complete witness
statements/interview under caution to date, as any cases investigated have
not progressed to the appropriate stage.
This performance rating is not weighted and, where given, it does not contribute
to the overall rating for the Hold to Account area of work or the overall SRT
rating. However, during any assessment, if in the judgement of the SQCI and
based on the evidence presented, witness statements or IUCs should have
been taken/conducted and were not, the performance rating awarded will be
RED.
Standards for NHS Providers 2018-19 - The quality assurance programme - Page 15 of 69OFFICIAL
Identifying and mitigating risks
4.46 Organisations should adopt a risk-based approach when determining the
amount of resources required to achieve the highest performance rating for
each standard. Organisations vary in size and needs and a risk-based
approach ensures that appropriate resources are mobilised to identify and
address the counter fraud, bribery and corruption needs of the organisation.
4.47 Organisations should analyse each standard, consider what action is required
and employ appropriate resources to ensure that the standard is met. By
applying this method, organisations should end up with a series of tasks that
enable the development of a work plan.
4.48 The process that organisations should adopt in identifying and mitigating risks
is as follows:
Risk
4.49 The organisation should identify and assess the fraud, bribery and
corruption risks it faces and put in place measures to address them.
Nominated counter fraud, bribery and corruption specialists should be
working in areas where risk is present in order to maximise
effectiveness. Working in areas where there are no fraud, bribery or
corruption risks is not an appropriate use of resources.
Objective
4.50 Once areas of risk have been identified and assessed, the organisation
and the nominated counter fraud, bribery and corruption specialist
should be very clear about their objectives, or what they want to achieve
in relation to mitigating or addressing the risk. Objectives should be
clearly formulated (for example, percentage reductions or increases), as
this helps with measuring and demonstrating outcomes.
Task
4.51 The organisation, probably through the nominated counter fraud, bribery
and corruption specialist, should then carry out the appropriate tasks to
meet the defined objectives.
Outputs
4.52 These are the products of the tasks performed to meet objectives.
Outputs provide evidence that the task has been carried out but
generally do not, on their own, provide evidence of outcomes. Outputs
may include presentation materials, policies and procedures or terms of
reference.
Outcomes
4.53 These are the pieces of evidence that demonstrate the effective
addressing of identified risks and the fulfilment of defined objectives.
Outcomes may include, among other things: staff survey results, case
closure reports, or evidence demonstrating staff awareness and
understanding of policies and procedures to reduce risk.
Standards for NHS Providers 2018-19 - The quality assurance programme - Page 16 of 69OFFICIAL
4.54 Following this methodology is not compulsory, although organisations
will be assessed on the evidence of outputs and outcomes.
Weightings
4.55 Some standards are weighted to reflect their overall importance in counter
fraud, bribery and corruption work, and to reflect areas where specific
improvement is required nationally or where action is particularly required to
mitigate organisational risk. The weightings reflect NHSCFA priorities and are
subject to ongoing review.
4.56 Weightings may be changed to reflect new and emerging risks addressed in the
standards. If an organisation does not conduct activity against a weighted
standard, the overall RAG rating, either for the relevant key area of activity or
for the self review as a whole, is affected. Further information on weightings
can be shared with organisations, and any queries may be directed to
fraudqa@nhscfa.gsi.gov.uk.
Reasonable expectations
4.57 In order to make the working relationship between organisations and the
Quality and Compliance team as effective as possible, we have outlined what
organisations can reasonably expect from the QC team and what the QC team
reasonably expects from organisations. Understanding these reasonable
expectations (which are set out in Appendix 1) will help both parties make the
most of working together. Please note that if organisations do not adhere to
these expectations, the organisation may be in breach of Standard 1.2, which
deals with compliance with the quality assurance programme.
Feedback
4.58 Your opinion counts and as part of our commitment to continuous improvement,
we encourage feedback from stakeholders on the quality assurance
programme. You can send your comments by email to
fraudqa@nhscfa.gsi.gov.uk.
Standards for NHS Providers 2018-19 - The quality assurance programme - Page 17 of 69OFFICIAL
5 Standards
Key Principle 1: Strategic Governance
Standard 1.1
A member of the executive board or equivalent body is responsible for
overseeing and providing strategic management and support for all counter
fraud, bribery and corruption work within the organisation.
Rationale
It is important that counter fraud, bribery and corruption work has effective leadership
and a high level of commitment from senior management within an organisation.
Identifying an individual from the executive board or equivalent body to oversee this
work can help the organisation to focus on its key strategic priorities in relation to
counter fraud, bribery and corruption work.
N.B. ‘Equivalent body’ may include, but is not limited to, the board of directors, the
board of trustees or the governing body. Oversight of counter fraud, bribery and
corruption work should not be delegated to an individual below this level of seniority in
the organisation.
Ratings
Organisation does not meet the standard
There is no member of the executive board, or equivalent body, who has a clearly
defined responsibility for the strategic management of, and support for, counter fraud,
bribery and corruption work.
Where such a responsibility is defined, there is little or no evidence of strategic
management of, or support for, counter fraud, bribery and corruption work.
The member of the executive board or equivalent body has not ensured the provision
of relevant and timely information regarding counter fraud, bribery and corruption work
to the coordinating commissioner upon request.
Organisation partially meets the standard
Not applicable to this standard.
Standards for NHS Providers 2018-19 - Standards - Page 18 of 69OFFICIAL
Organisation meets the standard
There is a member of the executive board or equivalent body who has a clearly
defined responsibility for the strategic management of, and support for, counter fraud,
bribery and corruption work.
There is evidence that this responsibility is discharged effectively. Counter fraud,
bribery and corruption objectives are discussed and reviewed at a strategic level within
the organisation and this is documented.
The member of the executive board or equivalent body has ensured the provision of
relevant and timely information regarding counter fraud, bribery and corruption work to
the coordinating commissioner upon request.
Where additional or corrective action is necessary, this is discussed and the
appropriate actions taken and documented.
Guidance, supporting documentation and evidence
Organisations should consider the following (the list is not exhaustive):
Board meeting minutes
Organisational counter fraud, bribery and corruption work plan
Annual report on counter fraud, bribery and corruption work
Progress reports to the audit committee, board or executive level managers
Minutes of relevant meetings, action points and records of their execution
Audit committee minutes
Documentation from the nominations process
Standing Orders/Standing Financial Instructions
Evidence of the supply of counter fraud, bribery and corruption information to
coordinating commissioners. This may include, but is not limited to, the self
review tool, the annual report of counter fraud work and the counter fraud work
plan.
Standards for NHS Providers 2018-19 - Standards - Page 19 of 69OFFICIAL
Standard 1.2
The organisation’s non-executive directors and board level senior management
provide clear and demonstrable support and strategic direction for counter
fraud, bribery and corruption work. Evidence of proactive management, control
and evaluation of counter fraud, bribery and corruption work is present. If the
NHSCFA has carried out a qualitative assessment, the non-executive directors
and board level senior management ensure recommendations made are fully
actioned.
Rationale
In order for the organisation to adequately counter fraud, bribery and corruption, there
must be proactive support for the NHSCFA’s strategy at senior management level.
This will ensure that counter fraud, bribery and corruption work meets organisational
and NHSCFA requirements and that there is sufficient buy-in for it at senior level. This
will mitigate fraud, bribery and corruption risks, protect public money and ensure that
NHS funds are used appropriately.
N.B. References to board level senior management includes, but is not limited to,
the board of directors, the board of trustees or the governing body.
Ratings
Organisation does not meet the standard
There is no evidence of proactive support for counter fraud, bribery and
corruption work from senior management.
Senior management demonstrates a lack of awareness of its responsibilities
in relation to counter fraud, bribery and corruption work and organisational
objectives in this area.
Senior management do not ensure that action plan recommendations are
implemented following any NHSCFA quality assessment and there is no
evidence of demonstrable outcomes. Updates on the implementation of
action plan recommendations are not provided to the NHSCFA upon request.
Where there is an awareness of responsibilities, there is little or no evidence that
senior management has discharged them effectively.
Standards for NHS Providers 2018-19 - Standards - Page 20 of 69OFFICIAL
Organisation partially meets the standard
There is evidence of proactive support for counter fraud, bribery and corruption work
from senior management at the organisation. Support for the trained and nominated
person carrying out counter fraud, bribery and corruption work on the part of the
organisation is present and evident.
There is evidence that senior management recognises its responsibilities in relation to
counter fraud, bribery and corruption work.
Senior management ensures compliance with the requirements of the NHSCFA’s
quality assurance programme. This includes ensuring that action plan
recommendations are implemented following any NHSCFA quality assessment.
However, there is little or no evidence to indicate that this work has been assessed for
effectiveness by the organisation.
Organisation meets the standard
Senior management ensures that action plan recommendations are implemented
following any NHSCFA quality assessment and there is evidence of demonstrable
outcomes. Updates on the implementation of action plan recommendations are
provided to NHSCFA upon request, in line with NHSCFA’s review process.
Any corrective or preventative actions identified as a result of evaluation are
implemented to ensure that counter fraud, bribery and corruption work continues to
address organisational risks.
Guidance, supporting documentation and evidence
Organisations should consider the following (the list is not exhaustive):
The NHSCFA strategy document ‘Leading the fight against NHS Fraud -
Organisational Strategy 2017-2020’
Meeting minutes, decisions, action points and records of their execution,
particularly for decisions taken at board level
Audit committee minutes
Documentation from the nominations process
Counter fraud, bribery and corruption work plan
Communications to staff directly attributed to the chief executive and/or board
members, particularly communications to all staff
Staff surveys
Other evaluation materials such as reports on proactive exercises
Documentation arising from the NHSCFA’s quality assurance programme
Evidence of the implementation of any recommendations made by the NHSCFA
as part of the quality assurance programme
NHS Audit Committee Handbook (relevant sections)
Standards for NHS Providers 2018-19 - Standards - Page 21 of 69OFFICIAL
Standard 1.3
The organisation employs or contracts in an accredited, nominated person (or
persons) to undertake the full range of counter fraud, bribery and corruption
work, including proactive work to prevent and deter fraud, bribery and
corruption and reactive work to hold those who commit fraud, bribery or
corruption to account.
Rationale
Those undertaking counter fraud, bribery and corruption work must have the
necessary training, skills and expertise to perform their role professionally and carry
out criminal investigations in compliance with all relevant legislation. They should be
nominated by the organisation to NHSCFA, and attend specialist training that has
been accredited by the Counter Fraud Professional Accreditation Board .
Ratings
Organisation does not meet the standard
There is no accredited person (or persons) employed or contracted in to carry
out the full range of counter fraud, bribery and corruption work on behalf of
the organisation.
The LCFS has not attended specialist training that has been accredited by
the Counter Fraud Professional Accreditation Board, or has not been
appropriately nominated by the organisation.
The person (or persons) does not appropriately update their skills in line with NHSCFA
and/or legislative requirements.
Organisation partially meets the standard
Not applicable to this standard.
Standards for NHS Providers 2018-19 - Standards - Page 22 of 69OFFICIAL
Organisation meets the standard
There is an accredited, nominated and appropriately trained person(s) who is
employed or contracted in to conduct the full range of counter fraud, bribery and
corruption work on behalf of the organisation.
The nominated person(s) attends training and undertakes continuing professional
development as required to appropriately fulfil their role, on an ongoing basis.
Guidance, supporting documentation and evidence
Organisations should consider the following (the list is not exhaustive):
Training records held by the NHSCFA
Accreditation records held by the NHSCFA
Nomination records held by the NHSCFA or NHS CFS Wales.
Nomination process can be found at https://cfa.nhs.uk/fraud-
prevention/information-local-counter-fraud-specialists
Evidence of continuing professional development
Standards for NHS Providers 2018-19 - Standards - Page 23 of 69OFFICIAL
Standard 1.4
The organisation has carried out risk assessments to identify fraud, bribery and
corruption risks, and has counter fraud, bribery and corruption provision that is
proportionate to the level of risk identified. Measures to mitigate identified risks
are included in an organisational work plan, progress is monitored at a senior
level within the organisation and results are fed back to the audit committee (or
equivalent body).
Rationale
An effective risk management programme and risk based work plan enables the
organisation to target NHS funded resources at the areas of greatest risk, and will
assist it in prioritising counter fraud, bribery and corruption activities.
Ratings
Organisation does not meet the standard
There is no evidence of any risk assessments carried out to identify fraud, bribery and
corruption risks at the organisation.
Where risk assessments have been carried out, no adequate resources have been
allocated to mitigate the risks identified and an organisational work plan has not been
developed.
Where an organisational work plan has been developed, it is not fit for purpose. For
example, the work plan may not cover the required key areas of counter fraud, bribery
and corruption activity as outlined in NHSCFA’s national strategy. Resources may be
inadequate to perform identified tasks and/or organisational risks may be insufficiently
addressed.
The objectives in the work plan are not measurable.
Organisation partially meets the standard
Risk assessments have been carried out to identify fraud, bribery and corruption risks
at the organisation.
Actions to mitigate/reduce risks have been appropriately prioritised and documented in
a work plan which covers the required NHSCFA areas of activity.
Adequate resources have been assigned to specific areas of work.
The objectives in the work plan are measurable, however there is no evidence that the
effectiveness of activities carried out under it has been measured.
Standards for NHS Providers 2018-19 - Standards - Page 24 of 69OFFICIAL
Organisation meets the standard
Resources to carry out the work are realistically assessed and suitable for addressing
the risk identified within a reasonable timescale.
Risk based work plan objectives are demonstrably achieved.
Where necessary, additional resources are allocated during the year to address
emerging risks.
Progress is continuously monitored at a senior level to ensure that risks are mitigated
and that resources remain suitable for this purpose.
Guidance, supporting documentation and evidence
Organisations should consider the following (the list is not exhaustive):
The NHSCFA strategy document ‘Leading the fight against NHS Fraud -
Organisational Strategy 2017-2020’
Risk assessment materials
Evidence of liaison with risk management staff within the organisation
Evidence of risk monitoring being done at a senior level
Relevant meeting minutes, action points and records of their execution
Audit committee minutes
Counter fraud, bribery and corruption work plan
Progress reports
Organisational risk register
Standards for NHS Providers 2018-19 - Standards - Page 25 of 69OFFICIAL
Standard 1.5
The organisation reports annually on how it has met the standards set by
NHSCFA in relation to counter fraud, bribery and corruption work, and details
corrective action where standards have not been met.
Rationale
An annual report is the main way for the organisation to report on performance against
its counter fraud, bribery and corruption objectives, both internally and externally.
Reviewing its success or otherwise in achieving objectives will assist the organisation
in planning ahead, driving up performance and verifying that it has the appropriate
level of assurance in this area.
Ratings
Organisation does not meet the standard
There is no evidence that the organisation has completed an annual report
demonstrating progress against counter fraud, bribery and corruption objectives.
Where an annual report has been completed, it does not cover all key areas of counter
fraud, bribery and corruption activity as outlined in NHSCFA’s strategy. The report
does not provide a full update on actions taken to counter fraud, bribery and corruption
as outlined in the work plan for that year. Where an NHSCFA quality assessment has
been conducted, there is no update on the progress made against the action plan.
The annual report does not contain a fully completed self review tool against the
standards or a statement of assurance.
There is no evidence that the annual report has been reviewed or signed off by the
organisation.
Organisation partially meets the standard
Not applicable to this standard.
Organisation meets the standard
The annual report on counter fraud, bribery and corruption work complies with the
NHSCFA’s guidance in relation to content, referring to all applicable standards for
fraud, bribery and corruption appropriately, and providing a clear update on progress
against work plan objectives.
An appropriately signed statement of assurance is included in the annual report. A fully
completed self review tool is included with the annual report.
Standards for NHS Providers 2018-19 - Standards - Page 26 of 69You can also read
